ISO 22301

The standard for Business Continuity Management Systems

ISO 22301 is a global standard for Business Continuity Management Systems (BCMS). It helps organisations anticipate, respond to, and recover from business disruptions. Implementing the standard can help organisations improve business resilience and maintain critical business functions.

What Is ISO 22301?

ISO 22301 is a global standard that outlines how to set up an effective Business Continuity Management System (BCMS).

It helps organisations prepare for, deal with, and recover from disruptions by focusing on resilience, risk management, and continuity planning.

Implementing ISO 22301 helps organisations establish processes to identify potential threats, reduce the impact of disruptions, and maintain the continuity of critical business functions. This standard is relevant to organisations of any size and type.

Achieving ISO 22301 certification helps to assure stakeholders that the business can effectively handle unexpected incidents.

Understanding ISO 22301

ISO 22301 is a global management standard that is widely used to help businesses improve operational continuity, safeguard assets, and maintain stakeholder trust during unexpected incidents.

Since its release in 2012, the standard has been updated to offer improved support for organisations in managing business continuity.

The latest version emphasises the importance of strategic planning, risk assessment, and response strategies. It also highlights the role of leadership in creating a culture of resilience across the organisation.

The current version is ISO 22301:2019.

Who Needs ISO 22301?

ISO 22301 can be implemented by businesses of any size, in any industry.

Achieving certification helps organisations create strategies to identify risks and handle disruptions, ensuring key business activities continue. ISO 22301 provides a clear framework to boost preparedness and response strategies.

The ISO 22301 standard is particularly useful for organisations wanting to improve their reputation with clients and partners by showing strong business continuity plans.

ISO 22301 is relevant for companies, public services, non-profits, and educational institutions. Speak with our team to find out more.

Benefits of ISO 22301

ISO 22301 offers several benefits for organisations aiming to improve their business continuity and resilience, including:

  • Better resilience – Helps organisations prepare for and respond to disruptions, reducing their impact.
  • Risk management – Provides a framework for identifying threats, assessing risks, and planning mitigation strategies.
  • Stakeholder confidence – Shows a commitment to operational resilience, building trust with clients and stakeholders.
  • Regulatory compliance – Helps businesses meet legal and regulatory requirements related to continuity.
  • Operational efficiency – Managing disruptions proactively leads to better processes and resource use.
  • Competitive advantage – Boosts an organisation’s reputation by demonstrating robust continuity planning.
  • Continual improvement – Encourages ongoing evaluation and enhancement of continuity strategies.

The ISO 22301 Standard Explained

ISO 22301 Specification

ISO 22301 was first introduced by the International Organization for Standardization (ISO) in 2012 to address global business continuity needs. It built on earlier standards but provided a comprehensive framework for organisations of all sizes and industries.

The standard was updated in 2019 to reflect the evolving landscape of business continuity challenges. The latest version also integrates modern risk management practices.

Thanks to its widespread adoption, ISO 22301 has become a key business management system standard.

ISO 22301 Requirements

ISO 22301 guides you in setting up an effective Business Continuity Management System (BCMS) for your organisation. The standard focuses on several key areas to support operational resilience:

  • Scope – Clearly define your BCMS boundaries and impact on operations.
  • Leadership – Ensure top management actively support and commit to the BCMS for effective operation.
  • Planning – Identify risks and opportunities, set continuity objectives, and plan actions to achieve them.
  • Support – Ensure you have the right resources, people, and infrastructure for the BCMS.
  • Operations – Efficiently manage processes to maintain essential functions during disruptions.
  • Performance evaluation – Track how well your BCMS is performing and identify areas for improvement.
  • Improvement – Focus on continual improvement to enhance business continuity.

These requirements help you create a robust framework that strengthens your organisation’s ability to maintain operations during disruptions.

ISO 22301 Certification

ISO 22301 certification demonstrates that your organisation’s BCMS meets the ISO 22301 standard. It assures customers, partners, and regulators of your business’s ability to maintain operations during disruptions.

An independent body evaluates your BCMS’s processes, plans, and response strategies. If they meet ISO 22301 standards, certification is achieved. This must be renewed periodically to maintain compliance.

Certification builds trust with stakeholders, meets contractual obligations, and provides a competitive advantage by demonstrating your commitment to resilience.

To achieve certification, follow these steps:

  • Understand the standard – Familiarise yourself with ISO 22301 requirements to align your BCMS.
  • Implement your BCMS – Develop plans, train staff, and address any gaps. Consider using consultants or templates if needed.
  • Conduct an internal audit – Evaluate your BCMS against ISO 22301 to identify and fix issues before the formal assessment.
  • Choose a certification body – Select an accredited body to conduct an external audit of your BCMS.
  • Pass the certification audit – The audit involves two stages:
    • Stage 1: Review documentation and readiness for certification
    • Stage 2: Assess the practical implementation of your BCMS
  • Maintain certification – Regular audits ensure your BCMS continues to meet ISO 22301 standards.

With thorough preparation, achieving certification can be manageable for your organisation.

ISO 22301 Resources

Access our free ISO 22301 resources designed to help you discover, understand and build a Business Continuity Management System to the ISO 22301 standard.

ISO 22301 Guides

In-depth ISO 22301 guides created by our UK-based ISO 22301 experts.

ISO 22301 Checklists

Download our checklists and templates to help you get started.

Certification Case Studies

Discover how organisations have achieved ISO certification.

ISO 22301 Training

Get started with our range of expert-led ISO 22301 training courses.

ISO 22301 Software

Discover our industry-leading ISO management software.

ISO Videos

Expand your knowledge with our range of ISO videos.

Find a Consultant

Access a list of third-party ISO consultants who may be able to support your needs.

ISO 22301 Standard FAQs

What does ISO 22301 stand for?

ISO 22301 is an international standard for Business Continuity Management Systems (BCMS). It provides a framework for organisations to improve their business resilience and minimise the impact of disruptions.

The ISO element stands for the ‘International Organization for Standardization’ – an independent, non-governmental international organisation that develops and publishes business management system standards.

The International Organization for Standardization (ISO) assigns each of its standards a number – in this case, the standard’s number is ‘22301’. The ISO numbering system categorises and identifies different standards within its catalogue.

What is the difference between ISO 22301 and 27001?

ISO 22301 and ISO 27001 are both standards published by the International Organization for Standardization; however, they focus on very different areas of business operations. While both standards involve risk management and require leadership commitment, ISO 22301 is centred around business continuity, whereas ISO 27001 is focused on information security.

ISO 22301

  • Focus – Business Continuity Management Systems (BCMS).
  • Purpose – Provides a framework for businesses to prepare for, respond to, and recover from disruptive incidents. This helps to improve the continuity of business functions.
  • Scope – Covers risk management, continuity strategies, and recovery plans to minimise the impact of disruptions on operations.

ISO 27001

  • Focus – Information Security Management Systems (ISMS).
  • Purpose – Provides a framework for managing and protecting sensitive information, supporting data confidentiality, integrity, and availability.
  • Scope – Involves risk assessment, information security policies, access control, and incident management to safeguard information assets.

Organisations sometimes implement both standards together to manage risks related to business operations and information security.

What are the key points of ISO 22301?

The ISO 22301 standard can help organisations with the following key points and more:

  • Organisational resilience – Develop the ability to effectively respond to disruptions and maintain operations.
  • Risk management – Identify potential threats, assess their impacts, and create strategies to mitigate risks.
  • Business Impact Analysis (BIA) – Understand critical functions and the effects of disruptions on the business.
  • Leadership and commitment – Ensure senior management’s active support and involvement in the BCMS.
  • Planning and preparedness – Create comprehensive business continuity plans and strategies.
  • Resource management – Allocate necessary resources, competencies, and infrastructure to support the BCMS.
  • Stakeholder management – Identify and address the needs and expectations of interested parties.
  • Compliance – ISO 22301 can support businesses in meeting legal, regulatory, and other business continuity requirements.
  • Continual improvement – Continually monitor, measure and improve the effectiveness of the BCMS.

What are the ISO 22301 policies?

ISO 22301 itself does not prescribe specific policies, but it requires organisations to establish policies as part of their BCMS. These policies set the framework and direction for how business continuity will be managed.

For example, one important policy that must be established is the Business Continuity Policy. This outlines the organisation’s commitment to maintaining business continuity and resilience. It should define the scope, objectives, and principles of the BCMS.

Organisations might also create other policies around the following to meet requirements:

  • Business Impact Analysis (BIA) 
  • Risk Management 
  • Communication 

These policies should be tailored to the specific needs and context of the organisation and are typically approved by senior management to demonstrate leadership commitment to business continuity.

Related ISO Standards

ISO 9001

ISO 9001 is an internationally recognised standard for quality management, helping businesses across industries improve the quality of their products and services.

ISO 14001

ISO 14001 is a globally recognised standard for Environmental Management Systems, helping organisations improve sustainability & reduce environmental impact.

ISO 27001

Discover ISO 27001, the global standard for information security management, safeguarding data integrity, confidentiality, and availability.

ISO 42001

Learn about ISO 42001, the first international standard outlining the requirements for Artificial Intelligence Management Systems (AIMS).

ISO 45001

Discover ISO 45001, the international standard for Occupational Health and Safety Management Systems. Learn how ISO 45001 helps businesses improve safety.